exploitDog

openSUSE-SU-2018:0248-1

Published: 26 Jan 2018
Source: suse-cvrf

Description

Security update for php5

This update for php5 fixes several issues.

These security issues were fixed:

  • CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220)
  • CVE-2018-5711: Prevent integer signedness error that could have led to an infinite loop via a crafted GIF file, allowing for DoS (bsc#1076391)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.2
apache2-mod_php5-5.5.14-91.2
php5-5.5.14-91.2
php5-bcmath-5.5.14-91.2
php5-bz2-5.5.14-91.2
php5-calendar-5.5.14-91.2
php5-ctype-5.5.14-91.2
php5-curl-5.5.14-91.2
php5-dba-5.5.14-91.2
php5-devel-5.5.14-91.2
php5-dom-5.5.14-91.2
php5-enchant-5.5.14-91.2
php5-exif-5.5.14-91.2
php5-fastcgi-5.5.14-91.2
php5-fileinfo-5.5.14-91.2
php5-firebird-5.5.14-91.2
php5-fpm-5.5.14-91.2
php5-ftp-5.5.14-91.2
php5-gd-5.5.14-91.2
php5-gettext-5.5.14-91.2
php5-gmp-5.5.14-91.2
php5-iconv-5.5.14-91.2
php5-imap-5.5.14-91.2
php5-intl-5.5.14-91.2
php5-json-5.5.14-91.2
php5-ldap-5.5.14-91.2
php5-mbstring-5.5.14-91.2
php5-mcrypt-5.5.14-91.2
php5-mssql-5.5.14-91.2
php5-mysql-5.5.14-91.2
php5-odbc-5.5.14-91.2
php5-opcache-5.5.14-91.2
php5-openssl-5.5.14-91.2
php5-pcntl-5.5.14-91.2
php5-pdo-5.5.14-91.2
php5-pear-5.5.14-91.2
php5-pgsql-5.5.14-91.2
php5-phar-5.5.14-91.2
php5-posix-5.5.14-91.2
php5-pspell-5.5.14-91.2
php5-readline-5.5.14-91.2
php5-shmop-5.5.14-91.2
php5-snmp-5.5.14-91.2
php5-soap-5.5.14-91.2
php5-sockets-5.5.14-91.2
php5-sqlite-5.5.14-91.2
php5-suhosin-5.5.14-91.2
php5-sysvmsg-5.5.14-91.2
php5-sysvsem-5.5.14-91.2
php5-sysvshm-5.5.14-91.2
php5-tidy-5.5.14-91.2
php5-tokenizer-5.5.14-91.2
php5-wddx-5.5.14-91.2
php5-xmlreader-5.5.14-91.2
php5-xmlrpc-5.5.14-91.2
php5-xmlwriter-5.5.14-91.2
php5-xsl-5.5.14-91.2
php5-zip-5.5.14-91.2
php5-zlib-5.5.14-91.2
openSUSE Leap 42.3
apache2-mod_php5-5.5.14-91.2
php5-5.5.14-91.2
php5-bcmath-5.5.14-91.2
php5-bz2-5.5.14-91.2
php5-calendar-5.5.14-91.2
php5-ctype-5.5.14-91.2
php5-curl-5.5.14-91.2
php5-dba-5.5.14-91.2
php5-devel-5.5.14-91.2
php5-dom-5.5.14-91.2
php5-enchant-5.5.14-91.2
php5-exif-5.5.14-91.2
php5-fastcgi-5.5.14-91.2
php5-fileinfo-5.5.14-91.2
php5-firebird-5.5.14-91.2
php5-fpm-5.5.14-91.2
php5-ftp-5.5.14-91.2
php5-gd-5.5.14-91.2
php5-gettext-5.5.14-91.2
php5-gmp-5.5.14-91.2
php5-iconv-5.5.14-91.2
php5-imap-5.5.14-91.2
php5-intl-5.5.14-91.2
php5-json-5.5.14-91.2
php5-ldap-5.5.14-91.2
php5-mbstring-5.5.14-91.2
php5-mcrypt-5.5.14-91.2
php5-mssql-5.5.14-91.2
php5-mysql-5.5.14-91.2
php5-odbc-5.5.14-91.2
php5-opcache-5.5.14-91.2
php5-openssl-5.5.14-91.2
php5-pcntl-5.5.14-91.2
php5-pdo-5.5.14-91.2
php5-pear-5.5.14-91.2
php5-pgsql-5.5.14-91.2
php5-phar-5.5.14-91.2
php5-posix-5.5.14-91.2
php5-pspell-5.5.14-91.2
php5-readline-5.5.14-91.2
php5-shmop-5.5.14-91.2
php5-snmp-5.5.14-91.2
php5-soap-5.5.14-91.2
php5-sockets-5.5.14-91.2
php5-sqlite-5.5.14-91.2
php5-suhosin-5.5.14-91.2
php5-sysvmsg-5.5.14-91.2
php5-sysvsem-5.5.14-91.2
php5-sysvshm-5.5.14-91.2
php5-tidy-5.5.14-91.2
php5-tokenizer-5.5.14-91.2
php5-wddx-5.5.14-91.2
php5-xmlreader-5.5.14-91.2
php5-xmlrpc-5.5.14-91.2
php5-xmlwriter-5.5.14-91.2
php5-xsl-5.5.14-91.2
php5-zip-5.5.14-91.2
php5-zlib-5.5.14-91.2

Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.


Affected products
openSUSE Leap 42.2:apache2-mod_php5-5.5.14-91.2
openSUSE Leap 42.2:php5-5.5.14-91.2
openSUSE Leap 42.2:php5-bcmath-5.5.14-91.2
openSUSE Leap 42.2:php5-bz2-5.5.14-91.2

Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.


Affected products
openSUSE Leap 42.2:apache2-mod_php5-5.5.14-91.2
openSUSE Leap 42.2:php5-5.5.14-91.2
openSUSE Leap 42.2:php5-bcmath-5.5.14-91.2
openSUSE Leap 42.2:php5-bz2-5.5.14-91.2
